We're using Splunk 8.1.2 and SA-Eventgen version 7.2.1 and want to replay CSV files. Everything is installed on a Windows 10 64-bit machine.
When restarting Splunk with our eventgen app, the following error is shown in eventgen-error.log
2021-02-08 15:36:28 eventgen ERROR MainProcess Python int too large to convert to C long
Traceback (most recent call last):
File "C:\Program Files\Splunk\etc\apps\SA-Eventgen\lib\splunk_eventgen\eventgen_core.py", line 325, in _worker_do_work
item.run()
File "C:\Program Files\Splunk\etc\apps\SA-Eventgen\lib\splunk_eventgen\lib\eventgentimer.py", line 117, in run
self.real_run()
File "C:\Program Files\Splunk\etc\apps\SA-Eventgen\lib\splunk_eventgen\lib\eventgentimer.py", line 131, in real_run
raw_event_size = self.predict_event_size()
File "C:\Program Files\Splunk\etc\apps\SA-Eventgen\lib\splunk_eventgen\lib\eventgentimer.py", line 90, in predict_event_size
self.sample.loadSample()
File "C:\Program Files\Splunk\etc\apps\SA-Eventgen\lib\splunk_eventgen\lib\eventgensamples.py", line 464, in loadSample
csv.field_size_limit(sys.maxsize)
OverflowError: Python int too large to convert to C long
The responsible line is found in eventgensamples.py in line 464:
csv.field_size_limit(sys.maxsize)
After changing the line above to (just an example)
csv.field_size_limit(100000000)
eventgen starts sending events to Splunk.
It seems to be, that this error occurs on Windows (64 bit???) systems only. We tested it on a Linux machine and it worked as expected.
We're using Splunk 8.1.2 and SA-Eventgen version 7.2.1 and want to replay CSV files. Everything is installed on a Windows 10 64-bit machine. When restarting Splunk with our eventgen app, the following error is shown in eventgen-error.log
2021-02-08 15:36:28 eventgen ERROR MainProcess Python int too large to convert to C long Traceback (most recent call last): File "C:\Program Files\Splunk\etc\apps\SA-Eventgen\lib\splunk_eventgen\eventgen_core.py", line 325, in _worker_do_work item.run() File "C:\Program Files\Splunk\etc\apps\SA-Eventgen\lib\splunk_eventgen\lib\eventgentimer.py", line 117, in run self.real_run() File "C:\Program Files\Splunk\etc\apps\SA-Eventgen\lib\splunk_eventgen\lib\eventgentimer.py", line 131, in real_run raw_event_size = self.predict_event_size() File "C:\Program Files\Splunk\etc\apps\SA-Eventgen\lib\splunk_eventgen\lib\eventgentimer.py", line 90, in predict_event_size self.sample.loadSample() File "C:\Program Files\Splunk\etc\apps\SA-Eventgen\lib\splunk_eventgen\lib\eventgensamples.py", line 464, in loadSample csv.field_size_limit(sys.maxsize) OverflowError: Python int too large to convert to C long
The responsible line is found in eventgensamples.py in line 464: csv.field_size_limit(sys.maxsize)
After changing the line above to (just an example)
eventgen starts sending events to Splunk.
It seems to be, that this error occurs on Windows (64 bit???) systems only. We tested it on a Linux machine and it worked as expected.